and thus different keys. so what's the issue? On Wed, Mar 4, 2015 at 1:16 PM, Mathieu Gagné <mgagne at iweb.com> wrote: > On 2015-03-04 1:10 PM, matt wrote: > >> use a pgp signing key with pass phrase and sign the release / packages >> files. ubuntu already does this. >> >> > You also need to sign the packages before uploading. > You can sign the packages AND the repository. > Both are done by different actors: uploader, repo manager. > > -- > Mathieu > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150304/4388fa0b/attachment.html>